Slashdot Mirror


Is Linux as Secure as We'd Like to Think?

man_of_mr_e asks: "With all the recent brouhaha about Blaster and Sobig, there's been a lot of talk about how poor Windows security is, especially compared to the Linux we all know and love. But is this really true? The website defacement archive at Zone-h shows that Linux accounts for 61% of the defacements in the last 24 hours (note, this figure changes, so it might be different when you view it). An analysis of the last few weeks of their archive shows a similar percentage of exploited Linux systems. Note also that the 'Unknown' category is rather high, and certainly contains at least some Linux systems, further increasing the percentage. Why is this? Are we just deluding ourselves about our own security? Could there be a Linux 'Blaster' just waiting to happen?" While "defacements" don't necessarily mean "root level break-in", sometimes getting your foot in the door is enough. If this happens, wouldn't Linux then be just as exploitable as Windows? Are there other reasons why the likelihood of a "Sobig" or an "ILUVYOU" would be lower for Linux than Windows?

13 of 1,091 comments

  1. Short answer No, Long answer Maybe by Anonymous Coward · · Score: 5, Funny

    Personally I have all my end-users sign on as root. So far so good

  2. Updates on Linux by rantenki · · Score: 5, Funny

    I just install a vanilla Redhat on all my boxes. They get rooted within a few days, and the hax0rs take care of the security updates for me. Course, I can't log in as root anymore, but hey... that's a feature.

  3. It's easy by brooks_talley · · Score: 5, Funny

    Windows web defacements are the fault of a crappy, inherently insecure operating system from a criminal monopoly.

    Linux defacements are the fault of stupid admins who can't be bothered to install the latest patches, or who are too incompetent to install the OS and configure it for security.

    I thought everyone knew that.

    Cheers
    -b

  4. Hello, son by Anonymous Coward · · Score: 3, Funny

    It has come to our attention that not only are you wasting your time posting to slashdot when you should be looking for a job, but you are also a moron. The W32.Blaster worm goes by many names, something you as a geek should know.

    Please move out of our basement and take all your Hentai DVDs with you.

    Love,

    Mum and Dad.

  5. Re:Numbers! by Brento · · Score: 5, Funny

    Hey, if I told you that one in every two Ferrari F-40's explode for no reason, but only 1 in every 1000 Honda Civics explode for no reason, which explosions are going to be more noticed?

    The Ferraris, because nobody important drives a Civic.

    Knock off a balding, middle-aged, filthy rich tycoon, and that'll get more press than offing a bunch of morons who put rear spoilers on front-wheel-drive cars.

    But I digress...

    --
    What's your damage, Heather?
  6. Re:Social-engineering != Virus by Gherald · · Score: 5, Funny

    > These are socially engineered programs designed to get the user to run them.

    Re: Approved

    Please log in as root to accept this offer...

  7. full-time Linux users are more savvy by SHEENmaster · · Score: 4, Funny

    It's those communist dual-booters that we have to worry about.

    --
    You can't judge a book by the way it wears its hair.
    1. Re:full-time Linux users are more savvy by RedHat_Linux_Man · · Score: 2, Funny

      > It's those communist dual-booters that we have to worry about.

      Or schizophrenic dual-booters...

  8. More to the point by soloport · · Score: 5, Funny

    Take your most savvy Linux guru and your most savvy Windows mouse-clicker (can often be one and the same person). Let each set up a secure server and point each server to the Internet.

    Now sit back and wait for shit to happen.

    Eventually it will be proven that the best platform is freebsd.

  9. Re:I think its the apes by Pinky · · Score: 4, Funny

    That is dangerous! There could be a hidden or obfuscated loophole. I, for one, never run any code that hasn't been written by myself while under polygraph examination. I keep my website running in a concrete block under the ocean and I keep all the clocks in my apartment running at different times, just in case my future self came back in time to try to sabotage my project. Everyone should do it.

    When I introduce someone to coding I chop off their hands and then hide them to be sure they won't code anything. New users think I'm paranoid and arrogant but I don't want any one of the mindless rabble to come and get me in the middle of the night when the KGB hacks their site. :-)

  10. Summary of this discussion by AlXtreme · · Score: 2, Funny

    69% of these comments are about how stupid the administrators are, and that they need to read their Linux-for-dummies again. These are comments from the general Linux zealots^Wusers, and are naturally ignored. We already know that admins are brain-dead.
    7% talk about how safe their MacOS is, but 93% will skip those comments, as Apple is just another Microsoft OS (MS has a large portion of Apple's stock)
    3% blame Apache, and promote the use of proprietary solutions as they are So Much More Secure(tm). Good for a laugh.
    8% are the BSD-trolls. Only problem is that they still have to use lynx to post their remarks, nobody cares about them anymore. Especially not the general Linux zealot^Wuser reading their posts. BSD, pfff, something that free can't be good. I mean, Windows used their code...
    6% are the trolls ranting against something called google, that makes all those script kiddies so-called blackhats after enough time. Yes, your kid brother has just grown up, and has exploited apache and your 2.4.20 kernel to gain root privileges on your box. Even worse, he's just told your mother about your secret pr0n stash in /root/.this/.is/.secret/. Life's a b*tch...
    4% are the MS-trolls, those who have lived under a rock for the last decade. Or at least the last few weeks. Anyway, there would be more of these posts, but I'm afraid 98% of people using Windows(tm) were attacked by all em scary worms out there, and rebooted for the 50th time today. Whoopie! No Blue Screens anymore!
    2% are the ones commenting the BSD trolls, but nobody sees their remarks or could care less.
    1% are the lame people that rant about how deceptive statistics are... this post is one:

    lies, damned lies and statistics.

    We now return to our regular programming...

    --
    This sig is intentionally left blank
  11. Who Is "zone-h" ... by Mooncaller · · Score: 2, Funny

    ... and why should I trust what they say? They can't even survive a little /.ing, so I'm not impressed.

  12. Re:Linux does not require technical ability by rbullo · · Score: 2, Funny

    You use Red Hat because it's the most popular distro in your home country?

    cheap simpsons quote

    How rebellious... in a conformist sort of way.

    end cheap simpsons quote

    --
    OH NOES!!! IT APPEARS YUO DO NOT HAVE ENOUGH MONEY TO PAY FOR DIS HERE PIZZA! WAHT EVER ARE YOU GOING TO DO!?!?